Why is there "/proc/net/snmp" file on my device? Could it be due to a malware?

Question

After reading this paper I observed a little and I realized that an SNMP socket (exactly two: v4 and v6) exists when I use ls /proc/1/net. I see them clearly.

My question is simple, do the bootkits exist on Android? I suppose yes, if it is the case would you have documentation to recommend me at the security level? Especially the use of SNMP, is it normal? For example a use by the phone operator for material supervision? But this phone is a second hand with a different operator that does not make sense for my case.

Two days ago I asked a question here related to mediatek and strange files and files saturating the memory space. But I did not find an answer in relation to audio_dump folder in the paper of blackhat, but some matches that are cold in the back.

— mizizad | Sources

Answer

There is no piece of software that has zero probability of being infected by some kind of malware. But in general, Windows by design is more prone to infections as compared to Linux and other UNIX based operating systems. Android is also based on Linux kernel, plus it has additional security mechanisms related to booting part, such as locked bootloader and Verified Boot. So generally we don't see Android devices hijacked by bootkits.

That said, init is the very first userspace process started by kernel with PID 1. It's a generic piece of AOSP, developed by Google and not modified by phone OEMs or network operaters (AFAIK). However its configuration files *.rc can be modified / added / removed easily to start / stop services and daemons on boot.

Presence of /proc/[PID]/net/snmp indicates that your kernel has ability to support an SNMP agent if run on your device. This is common, modern kernels are built so. Alarming is if there is an agent running in background on your device, something listening on UDP port 161 from an SNMP management console. You can analyze all listening ports using netstat or ss. Both are shipped with Android.

— Irfan Latif | Sources

Q & A

First N sec not played from pulseaudio over HDMI on Android TV

What is the difference between twrp-[version]-[phone].img and twrp-installer-[version]-[phone].zip?

List of ADB settable permissions

How to automate sending my current battery percentage to PC over the internet every 5 minutes?

Does `adb install` do APK signature verification?

Where can I see in the Revolut Android application on which day of the month my amount of currency exchange is reset to 0?

how to *really* kill adware app

Accessing favorite/hearted images when choosing an image with Samsung's Gallery app

How to find out the package name of an Android app, without ADB nor installing apps

How to use Visual Studio Code on an Android device?

Record log before device reboots

How can I undo an edit in Gmail's compose field?

ADB using USB-C to USB 2.0 cable

How to check that my Phone supports MicroSd Card SDXC UHS1 Bus Speed U30 card or not?

Facebook Messenger Chat always shows one chat unread

Can "Magisk" hide bootloader status?

How can I sync the Google keyboard's clipboard with Android's clipboard?

Unknown download on my android phone

Why do restricted apps still use data?

DNS queries are cached permanently, how to reliably clear DNS cache on Android 7+?

Topics

2D Engines 3D Engines 9-Patch Action Bars Activities ADB Advertisements Analytics Animations ANR AOP API APK APT Architecture Audio Autocomplete Background Processing Backward Compatibility Badges Bar Codes Benchmarking Bitmaps Bluetooth Blur Effects Bread Crumbs BRMS Browser Extensions Build Systems Bundles Buttons Caching Camera Canvas Cards Carousels Changelog Checkboxes Cloud Storages Color Analysis Color Pickers Colors Comet/Push Compass Sensors Conferences Content Providers Continuous Integration Crash Reports Credit Cards Credits CSV Curl/Flip Data Binding Data Generators Data Structures Database Database Browsers Date & Debugging Decompilers Deep Links Dependency Injections Design Design Patterns Dex Dialogs Distributed Computing Distribution Platforms Download Managers Drawables Emoji Emulators EPUB Equalizers & Event Buses Exception Handling Face Recognition Feedback & File System File/Directory Fingerprint Floating Action Fonts Forms Fragments FRP FSM Functional Programming Gamepads Games Geocaching Gestures GIF Glow Pad Gradle Plugins Graphics Grid Views Highlighting HTML HTTP Mocking Icons IDE IDE Plugins Image Croppers Image Loaders Image Pickers Image Processing Image Views Instrumentation Intents Job Schedulers JSON Keyboard Kotlin Layouts Library Demos List View List Views Localization Location Lock Patterns Logcat Logging Mails Maps Markdown Mathematics Maven Plugins MBaaS Media Menus Messaging MIME Mobile Web Native Image Navigation NDK Networking NFC NoSQL Number Pickers OAuth Object Mocking OCR Engines OpenGL ORM Other Pickers Parallax List Parcelables Particle Systems Password Inputs PDF Permissions Physics Engines Platforms Plugin Frameworks Preferences Progress Indicators ProGuard Properties Protocol Buffer Pull To Purchases Push/Pull QR Codes Quick Return Radio Buttons Range Bars Ratings Recycler Views Resources REST Ripple Effects RSS Screenshots Scripting Scroll Views SDK Search Inputs Security Sensors Services Showcase Views Signatures Sliding Panels Snackbars SOAP Social Networks Spannable Spinners Splash Screens SSH Static Analysis Status Bars Styling SVG System Tags Task Managers TDD & Template Engines Testing Testing Tools Text Formatting Text Views Text Watchers Text-to Toasts Toolkits For Tools Tooltips Trainings TV Twitter Updaters USB User Stories Utils Validation Video View Adapters View Pagers Views Watch Face Wearable Data Wearables Weather Web Tools Web Views WebRTC WebSockets Wheel Widgets Wi-Fi Widgets Windows Wizards XML XMPP YAML ZIP Codes